mirror of
https://github.com/rapid7/metasploit-framework
synced 2024-09-11 17:08:02 +02:00
Use writable? method for local modules
This commit is contained in:
parent
92dec1ecf8
commit
c3080d69f2
@ -176,7 +176,7 @@ class MetasploitModule < Msf::Exploit::Local
|
|||||||
fail_with Failure::BadConfig, 'Session already has root privileges'
|
fail_with Failure::BadConfig, 'Session already has root privileges'
|
||||||
end
|
end
|
||||||
|
|
||||||
unless cmd_exec("test -w '#{base_dir}' && echo true").include? 'true'
|
unless writable? base_dir
|
||||||
fail_with Failure::BadConfig, "#{base_dir} is not writable"
|
fail_with Failure::BadConfig, "#{base_dir} is not writable"
|
||||||
end
|
end
|
||||||
|
|
||||||
|
@ -172,7 +172,7 @@ class MetasploitModule < Msf::Exploit::Local
|
|||||||
fail_with Failure::BadConfig, 'Session already has root privileges'
|
fail_with Failure::BadConfig, 'Session already has root privileges'
|
||||||
end
|
end
|
||||||
|
|
||||||
unless cmd_exec("test -w '#{base_dir}' && echo true").include? 'true'
|
unless writable? base_dir
|
||||||
fail_with Failure::BadConfig, "#{base_dir} is not writable"
|
fail_with Failure::BadConfig, "#{base_dir} is not writable"
|
||||||
end
|
end
|
||||||
|
|
||||||
|
@ -50,11 +50,13 @@ class MetasploitModule < Msf::Exploit::Local
|
|||||||
'Privileged' => true
|
'Privileged' => true
|
||||||
}
|
}
|
||||||
))
|
))
|
||||||
register_options([
|
register_options [
|
||||||
OptString.new('WritableDir', [ true, 'A directory where we can write files', '/tmp' ]),
|
|
||||||
OptEnum.new('COMPILE', [ true, 'Compile on target', 'Auto', ['Auto', 'True', 'False']]),
|
OptEnum.new('COMPILE', [ true, 'Compile on target', 'Auto', ['Auto', 'True', 'False']]),
|
||||||
OptInt.new('MAXWAIT', [ true, 'Max seconds to wait for decrementation in seconds', 120 ])
|
OptInt.new('MAXWAIT', [ true, 'Max seconds to wait for decrementation in seconds', 120 ])
|
||||||
])
|
]
|
||||||
|
register_advanced_options [
|
||||||
|
OptString.new('WritableDir', [ true, 'A directory where we can write files', '/tmp' ]),
|
||||||
|
]
|
||||||
end
|
end
|
||||||
|
|
||||||
def check
|
def check
|
||||||
|
@ -185,7 +185,7 @@ class MetasploitModule < Msf::Exploit::Local
|
|||||||
fail_with Failure::BadConfig, 'Session already has root privileges'
|
fail_with Failure::BadConfig, 'Session already has root privileges'
|
||||||
end
|
end
|
||||||
|
|
||||||
unless cmd_exec("test -w '#{base_dir}' && echo true").include? 'true'
|
unless writable? base_dir
|
||||||
fail_with Failure::BadConfig, "#{base_dir} is not writable"
|
fail_with Failure::BadConfig, "#{base_dir} is not writable"
|
||||||
end
|
end
|
||||||
|
|
||||||
|
@ -169,7 +169,7 @@ class MetasploitModule < Msf::Exploit::Local
|
|||||||
fail_with Failure::NotVulnerable, 'Target is not vulnerable'
|
fail_with Failure::NotVulnerable, 'Target is not vulnerable'
|
||||||
end
|
end
|
||||||
|
|
||||||
unless cmd_exec("test -w '#{base_dir}' && echo true").include? 'true'
|
unless writable? base_dir
|
||||||
fail_with Failure::BadConfig, "#{base_dir} is not writable"
|
fail_with Failure::BadConfig, "#{base_dir} is not writable"
|
||||||
end
|
end
|
||||||
|
|
||||||
|
@ -165,7 +165,7 @@ class MetasploitModule < Msf::Exploit::Local
|
|||||||
fail_with Failure::BadConfig, 'Session already has root privileges'
|
fail_with Failure::BadConfig, 'Session already has root privileges'
|
||||||
end
|
end
|
||||||
|
|
||||||
unless cmd_exec("test -w '#{base_dir}' && echo true").include? 'true'
|
unless writable? base_dir
|
||||||
fail_with Failure::BadConfig, "#{base_dir} is not writable"
|
fail_with Failure::BadConfig, "#{base_dir} is not writable"
|
||||||
end
|
end
|
||||||
|
|
||||||
|
@ -36,22 +36,22 @@ class MetasploitModule < Msf::Exploit::Local
|
|||||||
end
|
end
|
||||||
|
|
||||||
def exploit
|
def exploit
|
||||||
unless cmd_exec("test -w '/etc/rc.local' && echo true").include? 'true'
|
rc_path = '/etc/rc.local'
|
||||||
fail_with Failure::BadConfig, '/etc/rc.local is not writable'
|
|
||||||
|
unless writable? rc_path
|
||||||
|
fail_with Failure::BadConfig, "#{rc_path} is not writable"
|
||||||
end
|
end
|
||||||
|
|
||||||
print_status('Reading /etc/rc.local')
|
print_status "Reading #{rc_path}"
|
||||||
|
|
||||||
# read /etc/rc.local, but remove `exit 0`
|
# read /etc/rc.local, but remove `exit 0`
|
||||||
rc_local = read_file('/etc/rc.local').gsub(/^exit.*$/, '')
|
rc_local = read_file(rc_path).gsub(/^exit.*$/, '')
|
||||||
|
|
||||||
# add payload and put back `exit 0`
|
# add payload and put back `exit 0`
|
||||||
rc_local << "\n#{payload.encoded}\nexit 0\n"
|
rc_local << "\n#{payload.encoded}\nexit 0\n"
|
||||||
|
|
||||||
# write new file
|
# write new file
|
||||||
print_status('Patching /etc/rc.local')
|
print_status "Patching #{rc_path}"
|
||||||
write_file('/etc/rc.local', rc_local)
|
write_file(rc_path, rc_local)
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
|
|
||||||
|
|
||||||
|
@ -158,7 +158,7 @@ class MetasploitModule < Msf::Exploit::Local
|
|||||||
fail_with Failure::BadConfig, 'Session already has root privileges'
|
fail_with Failure::BadConfig, 'Session already has root privileges'
|
||||||
end
|
end
|
||||||
|
|
||||||
unless cmd_exec("test -w '#{base_dir}' && echo true").include? 'true'
|
unless writable? base_dir
|
||||||
fail_with Failure::BadConfig, "#{base_dir} is not writable"
|
fail_with Failure::BadConfig, "#{base_dir} is not writable"
|
||||||
end
|
end
|
||||||
|
|
||||||
|
@ -149,7 +149,7 @@ class MetasploitModule < Msf::Exploit::Local
|
|||||||
fail_with Failure::NotVulnerable, 'Target not vulnerable! punt!'
|
fail_with Failure::NotVulnerable, 'Target not vulnerable! punt!'
|
||||||
end
|
end
|
||||||
|
|
||||||
unless cmd_exec("test -w '#{base_dir}' && echo true").include? 'true'
|
unless writable? base_dir
|
||||||
fail_with Failure::BadConfig, "#{base_dir} is not writable"
|
fail_with Failure::BadConfig, "#{base_dir} is not writable"
|
||||||
end
|
end
|
||||||
|
|
||||||
|
@ -140,7 +140,7 @@ class MetasploitModule < Msf::Exploit::Local
|
|||||||
fail_with Failure::BadConfig, 'Session already has root privileges'
|
fail_with Failure::BadConfig, 'Session already has root privileges'
|
||||||
end
|
end
|
||||||
|
|
||||||
unless cmd_exec("test -w '#{base_dir}' && echo true").include? 'true'
|
unless writable? base_dir
|
||||||
fail_with Failure::BadConfig, "#{base_dir} is not writable"
|
fail_with Failure::BadConfig, "#{base_dir} is not writable"
|
||||||
end
|
end
|
||||||
|
|
||||||
|
@ -169,7 +169,7 @@ class MetasploitModule < Msf::Exploit::Local
|
|||||||
fail_with Failure::BadConfig, 'Session already has root privileges'
|
fail_with Failure::BadConfig, 'Session already has root privileges'
|
||||||
end
|
end
|
||||||
|
|
||||||
unless cmd_exec("test -w '#{base_dir}' && echo true").include? 'true'
|
unless writable? base_dir
|
||||||
fail_with Failure::BadConfig, "#{base_dir} is not writable"
|
fail_with Failure::BadConfig, "#{base_dir} is not writable"
|
||||||
end
|
end
|
||||||
|
|
||||||
|
@ -6,6 +6,7 @@
|
|||||||
class MetasploitModule < Msf::Exploit::Local
|
class MetasploitModule < Msf::Exploit::Local
|
||||||
Rank = GreatRanking
|
Rank = GreatRanking
|
||||||
|
|
||||||
|
include Msf::Post::File
|
||||||
include Msf::Post::OSX::Priv
|
include Msf::Post::OSX::Priv
|
||||||
include Msf::Post::OSX::System
|
include Msf::Post::OSX::System
|
||||||
include Msf::Exploit::EXE
|
include Msf::Exploit::EXE
|
||||||
@ -43,7 +44,7 @@ class MetasploitModule < Msf::Exploit::Local
|
|||||||
'DefaultOptions' => { 'PAYLOAD' => 'osx/x64/shell_reverse_tcp' }
|
'DefaultOptions' => { 'PAYLOAD' => 'osx/x64/shell_reverse_tcp' }
|
||||||
))
|
))
|
||||||
|
|
||||||
register_options [
|
register_advanced_options [
|
||||||
OptString.new('WritableDir', [true, 'Writable directory', '/.Trashes'])
|
OptString.new('WritableDir', [true, 'Writable directory', '/.Trashes'])
|
||||||
]
|
]
|
||||||
end
|
end
|
||||||
@ -65,7 +66,7 @@ class MetasploitModule < Msf::Exploit::Local
|
|||||||
fail_with Failure::NotVulnerable, 'Target is not vulnerable'
|
fail_with Failure::NotVulnerable, 'Target is not vulnerable'
|
||||||
end
|
end
|
||||||
|
|
||||||
unless cmd_exec("test -w '#{base_dir}' && echo true").include? 'true'
|
unless writable? base_dir
|
||||||
fail_with Failure::BadConfig, "#{base_dir} is not writable"
|
fail_with Failure::BadConfig, "#{base_dir} is not writable"
|
||||||
end
|
end
|
||||||
|
|
||||||
|
@ -6,6 +6,7 @@
|
|||||||
class MetasploitModule < Msf::Exploit::Local
|
class MetasploitModule < Msf::Exploit::Local
|
||||||
Rank = GreatRanking
|
Rank = GreatRanking
|
||||||
|
|
||||||
|
include Msf::Post::File
|
||||||
include Msf::Post::OSX::Priv
|
include Msf::Post::OSX::Priv
|
||||||
include Msf::Post::OSX::System
|
include Msf::Post::OSX::System
|
||||||
include Msf::Exploit::EXE
|
include Msf::Exploit::EXE
|
||||||
@ -52,7 +53,9 @@ class MetasploitModule < Msf::Exploit::Local
|
|||||||
))
|
))
|
||||||
|
|
||||||
register_options [
|
register_options [
|
||||||
OptString.new('PYTHON', [true, 'Python executable', '/usr/bin/python']),
|
OptString.new('PYTHON', [true, 'Python executable', '/usr/bin/python'])
|
||||||
|
]
|
||||||
|
register_advanced_options [
|
||||||
OptString.new('WritableDir', [true, 'Writable directory', '/.Trashes'])
|
OptString.new('WritableDir', [true, 'Writable directory', '/.Trashes'])
|
||||||
]
|
]
|
||||||
end
|
end
|
||||||
@ -78,7 +81,7 @@ class MetasploitModule < Msf::Exploit::Local
|
|||||||
fail_with Failure::NotVulnerable, 'Target is not vulnerable'
|
fail_with Failure::NotVulnerable, 'Target is not vulnerable'
|
||||||
end
|
end
|
||||||
|
|
||||||
unless cmd_exec("test -w '#{base_dir}' && echo true").include? 'true'
|
unless writable? base_dir
|
||||||
fail_with Failure::BadConfig, "#{base_dir} is not writable"
|
fail_with Failure::BadConfig, "#{base_dir} is not writable"
|
||||||
end
|
end
|
||||||
|
|
||||||
|
@ -6,6 +6,7 @@
|
|||||||
class MetasploitModule < Msf::Exploit::Local
|
class MetasploitModule < Msf::Exploit::Local
|
||||||
Rank = GreatRanking
|
Rank = GreatRanking
|
||||||
|
|
||||||
|
include Msf::Post::File
|
||||||
include Msf::Post::OSX::Priv
|
include Msf::Post::OSX::Priv
|
||||||
include Msf::Post::OSX::System
|
include Msf::Post::OSX::System
|
||||||
include Msf::Exploit::EXE
|
include Msf::Exploit::EXE
|
||||||
@ -74,7 +75,7 @@ class MetasploitModule < Msf::Exploit::Local
|
|||||||
fail_with Failure::NotVulnerable, 'Target is not vulnerable'
|
fail_with Failure::NotVulnerable, 'Target is not vulnerable'
|
||||||
end
|
end
|
||||||
|
|
||||||
unless cmd_exec("test -w '#{base_dir}' && echo true").include? 'true'
|
unless writable? base_dir
|
||||||
fail_with Failure::BadConfig, "#{base_dir} is not writable"
|
fail_with Failure::BadConfig, "#{base_dir} is not writable"
|
||||||
end
|
end
|
||||||
|
|
||||||
|
@ -6,6 +6,7 @@
|
|||||||
class MetasploitModule < Msf::Exploit::Local
|
class MetasploitModule < Msf::Exploit::Local
|
||||||
Rank = NormalRanking
|
Rank = NormalRanking
|
||||||
|
|
||||||
|
include Msf::Post::File
|
||||||
include Msf::Post::OSX::Priv
|
include Msf::Post::OSX::Priv
|
||||||
include Msf::Post::OSX::System
|
include Msf::Post::OSX::System
|
||||||
include Msf::Exploit::EXE
|
include Msf::Exploit::EXE
|
||||||
@ -58,7 +59,7 @@ class MetasploitModule < Msf::Exploit::Local
|
|||||||
fail_with Failure::BadConfig, 'Session already has root privileges'
|
fail_with Failure::BadConfig, 'Session already has root privileges'
|
||||||
end
|
end
|
||||||
|
|
||||||
unless cmd_exec("test -w '#{base_dir}' && echo true").include? 'true'
|
unless writable? base_dir
|
||||||
fail_with Failure::BadConfig, "#{base_dir} is not writable"
|
fail_with Failure::BadConfig, "#{base_dir} is not writable"
|
||||||
end
|
end
|
||||||
|
|
||||||
|
@ -87,7 +87,7 @@ class MetasploitModule < Msf::Exploit::Local
|
|||||||
fail_with Failure::NotVulnerable, 'Target is not vulnerable'
|
fail_with Failure::NotVulnerable, 'Target is not vulnerable'
|
||||||
end
|
end
|
||||||
|
|
||||||
unless cmd_exec("test -w '#{base_dir}' && echo true").include? 'true'
|
unless writable? base_dir
|
||||||
fail_with Failure::BadConfig, "#{base_dir} is not writable"
|
fail_with Failure::BadConfig, "#{base_dir} is not writable"
|
||||||
end
|
end
|
||||||
|
|
||||||
|
@ -89,7 +89,7 @@ class MetasploitModule < Msf::Exploit::Local
|
|||||||
fail_with Failure::NotVulnerable, 'Target is not vulnerable'
|
fail_with Failure::NotVulnerable, 'Target is not vulnerable'
|
||||||
end
|
end
|
||||||
|
|
||||||
unless cmd_exec("test -w '#{base_dir}' && echo true").include? 'true'
|
unless writable? base_dir
|
||||||
fail_with Failure::BadConfig, "#{base_dir} is not writable"
|
fail_with Failure::BadConfig, "#{base_dir} is not writable"
|
||||||
end
|
end
|
||||||
|
|
||||||
|
@ -6,6 +6,7 @@
|
|||||||
class MetasploitModule < Msf::Exploit::Local
|
class MetasploitModule < Msf::Exploit::Local
|
||||||
Rank = NormalRanking
|
Rank = NormalRanking
|
||||||
|
|
||||||
|
include Msf::Post::File
|
||||||
include Msf::Post::OSX::Priv
|
include Msf::Post::OSX::Priv
|
||||||
include Msf::Post::OSX::System
|
include Msf::Post::OSX::System
|
||||||
include Msf::Exploit::EXE
|
include Msf::Exploit::EXE
|
||||||
@ -39,7 +40,7 @@ class MetasploitModule < Msf::Exploit::Local
|
|||||||
'DefaultTarget' => 0
|
'DefaultTarget' => 0
|
||||||
))
|
))
|
||||||
|
|
||||||
register_options [
|
register_advanced_options [
|
||||||
OptString.new('WritableDir', [true, 'Writable directory', '/.Trashes'])
|
OptString.new('WritableDir', [true, 'Writable directory', '/.Trashes'])
|
||||||
]
|
]
|
||||||
end
|
end
|
||||||
@ -61,7 +62,7 @@ class MetasploitModule < Msf::Exploit::Local
|
|||||||
fail_with Failure::NotVulnerable, 'Target is not vulnerable'
|
fail_with Failure::NotVulnerable, 'Target is not vulnerable'
|
||||||
end
|
end
|
||||||
|
|
||||||
unless cmd_exec("test -w '#{base_dir}' && echo true").include? 'true'
|
unless writable? base_dir
|
||||||
fail_with Failure::BadConfig, "#{base_dir} is not writable"
|
fail_with Failure::BadConfig, "#{base_dir} is not writable"
|
||||||
end
|
end
|
||||||
|
|
||||||
|
@ -54,9 +54,11 @@ class MetasploitModule < Msf::Exploit::Local
|
|||||||
))
|
))
|
||||||
|
|
||||||
register_options [
|
register_options [
|
||||||
OptString.new('WritableDir', [true, 'Writable directory', '/tmp']),
|
|
||||||
OptString.new('VMWARE_PATH', [true, "The path to VMware.app", '/Applications/VMware Fusion.app']),
|
OptString.new('VMWARE_PATH', [true, "The path to VMware.app", '/Applications/VMware Fusion.app']),
|
||||||
]
|
]
|
||||||
|
register_advanced_options [
|
||||||
|
OptString.new('WritableDir', [true, 'Writable directory', '/tmp'])
|
||||||
|
]
|
||||||
end
|
end
|
||||||
|
|
||||||
def base_dir
|
def base_dir
|
||||||
@ -90,7 +92,7 @@ class MetasploitModule < Msf::Exploit::Local
|
|||||||
fail_with Failure::NotVulnerable, 'Target is not vulnerable'
|
fail_with Failure::NotVulnerable, 'Target is not vulnerable'
|
||||||
end
|
end
|
||||||
|
|
||||||
unless cmd_exec("test -w '#{base_dir}' && echo true").include? 'true'
|
unless writable? base_dir
|
||||||
fail_with Failure::BadConfig, "#{base_dir} is not writable"
|
fail_with Failure::BadConfig, "#{base_dir} is not writable"
|
||||||
end
|
end
|
||||||
|
|
||||||
|
@ -43,10 +43,6 @@ class MetasploitModule < Msf::Post
|
|||||||
datastore['PASSWORD'].to_s
|
datastore['PASSWORD'].to_s
|
||||||
end
|
end
|
||||||
|
|
||||||
def is_writable?(path)
|
|
||||||
cmd_exec("test -w '#{path}' && echo true").include? 'true'
|
|
||||||
end
|
|
||||||
|
|
||||||
def is_executable?(path)
|
def is_executable?(path)
|
||||||
cmd_exec("test -x '#{path}' && echo true").include? 'true'
|
cmd_exec("test -x '#{path}' && echo true").include? 'true'
|
||||||
end
|
end
|
||||||
@ -84,11 +80,11 @@ class MetasploitModule < Msf::Post
|
|||||||
base_name = File.basename cmd
|
base_name = File.basename cmd
|
||||||
|
|
||||||
if file_exist? cmd
|
if file_exist? cmd
|
||||||
if is_writable? cmd
|
if writable? cmd
|
||||||
print_good "#{cmd} is writable!"
|
print_good "#{cmd} is writable!"
|
||||||
return true
|
return true
|
||||||
end
|
end
|
||||||
elsif is_writable? base_dir
|
elsif writable? base_dir
|
||||||
print_good "#{cmd} does not exist and #{base_dir} is writable!"
|
print_good "#{cmd} does not exist and #{base_dir} is writable!"
|
||||||
return true
|
return true
|
||||||
end
|
end
|
||||||
|
Loading…
Reference in New Issue
Block a user